-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathDockerfile
181 lines (151 loc) · 4.93 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# Base image for Debian-based distributions (e.g. `debian:10` or `ubuntu:18.04`)
ARG DEBIAN_BASE=ubuntu:18.04
# Base image for CentOS-based distributions (e.g. `centos:7` or `centos:8`)
ARG CENTOS_BASE=centos:7
# Intermediate image to use as Opam-enabled distribution (e.g. `opam-alpine` or
# `opam-debian-based`).
ARG OPAM_BASE=opam-centos-based
FROM debian:12-slim AS downloader
# Add user with password-less sudo
ARG user=main
RUN useradd --create-home "$user" \
&& apt-get update \
&& apt-get install -y sudo \
&& apt-get clean \
&& echo "$user" ALL=\(root\) NOPASSWD:ALL > "/etc/sudoers.d/$user" \
&& chmod 0440 "/etc/sudoers.d/$user"
ENV PATH=/home/$user/.local/bin:$PATH
USER "$user"
# Install packages
USER root
RUN apt-get update \
&& apt-get install -y \
unzip \
wget \
&& apt-get clean
USER "$user"
# Add script for downloading files
COPY --chown="$user:$user" ci/static-dl /usr/local/bin/static-dl
RUN chmod +x /usr/local/bin/static-dl
RUN mkdir "/home/$user/workdir"
WORKDIR "/home/$user/workdir"
FROM downloader AS files-opam
RUN static-dl \
--url https://github.com/ocaml/opam/releases/download/2.2.0/opam-2.2.0-x86_64-linux \
--hash cc8c6db2110ae4e287a82fa7fa7d9c26045633107fac26a83894a5db2379a316 \
--out opam
RUN chmod +x opam
FROM $DEBIAN_BASE AS opam-debian-based
# Add user with password-less sudo
ARG user=main
RUN useradd --create-home "$user" \
&& apt-get update \
&& apt-get install -y sudo \
&& apt-get clean \
&& echo "$user" ALL=\(root\) NOPASSWD:ALL > "/etc/sudoers.d/$user" \
&& chmod 0440 "/etc/sudoers.d/$user"
ENV PATH=/home/$user/.local/bin:$PATH
USER "$user"
# Install packages
USER root
RUN apt-get update \
&& apt-get install -y \
bzip2 \
gcc \
git \
make \
patch \
rsync \
unzip \
wget \
&& apt-get clean
USER "$user"
# Set up the OCaml environment
ARG OCAML_VERSION
COPY --from=files-opam /home/$user/workdir/opam /usr/local/bin/opam
RUN opam init --yes --compiler "$OCAML_VERSION" --disable-sandboxing
RUN mkdir "/home/$user/workdir"
WORKDIR "/home/$user/workdir"
FROM $CENTOS_BASE AS opam-centos-based
# Fix repository URLs (because CentOS 7 is deprecated)
RUN . /etc/os-release \
&& if [ "$ID" = "centos" ] && ([ "$VERSION_ID" = "7" ] || [ "$VERSION_ID" = "8" ]); then \
sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo; \
sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo; \
sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo; \
fi
# Add user with password-less sudo
ARG user=main
RUN useradd --create-home "$user" \
&& yum install -y sudo \
&& yum clean all \
&& rm -rf /var/cache/yum \
&& echo "$user" ALL=\(root\) NOPASSWD:ALL > "/etc/sudoers.d/$user" \
&& chmod 0440 "/etc/sudoers.d/$user"
ENV PATH=/home/$user/.local/bin:$PATH
USER "$user"
# Install packages
USER root
RUN yum install -y \
bzip2 \
diffutils \
gcc \
git \
make \
patch \
rsync \
unzip \
wget \
&& yum clean all \
&& rm -rf /var/cache/yum
USER "$user"
# Set up the OCaml environment
ARG OCAML_VERSION
COPY --from=files-opam /home/$user/workdir/opam /usr/local/bin/opam
RUN opam init --yes --compiler "$OCAML_VERSION" --disable-sandboxing
RUN mkdir "/home/$user/workdir"
WORKDIR "/home/$user/workdir"
FROM alpine:3.20.1 AS opam-alpine
# Add user with password-less sudo
ARG user=main
RUN addgroup "$user" \
&& adduser --disabled-password --home "/home/$user" --ingroup "$user" "$user" \
&& apk add --no-cache sudo \
&& echo "$user" ALL=\(root\) NOPASSWD:ALL > "/etc/sudoers.d/$user" \
&& chmod 0440 "/etc/sudoers.d/$user"
ENV PATH=/home/$user/.local/bin:$PATH
USER "$user"
# Install packages
USER root
RUN apk add --no-cache \
bash \
build-base \
bzip2 \
git \
patch \
pkgconfig \
rsync \
unzip \
wget
USER "$user"
# Set up the OCaml environment
ARG OCAML_VERSION
COPY --from=files-opam /home/$user/workdir/opam /usr/local/bin/opam
RUN opam init --yes --compiler "$OCAML_VERSION" --disable-sandboxing
RUN mkdir "/home/$user/workdir"
WORKDIR "/home/$user/workdir"
FROM $OPAM_BASE AS main
COPY --chown="$user:$user" cs_api_client.opam cs_api_client.opam.locked .
RUN opam pin add --yes --no-action --kind path --locked . \
&& (. /etc/os-release && [ "$ID" = 'alpine' ] && sudo apk update || true) \
&& opam update \
&& opam install --confirm-level unsafe-yes \
--deps-only --with-test --with-dev-setup --locked cs_api_client \
&& opam clean --all-switches --download-cache --logs --repo-cache \
&& (. /etc/os-release && [ "$ID" = 'alpine' ] && sudo apk cache clean || true)
COPY --chown="$user:$user" . .
ARG VERSION
RUN ./ci/subst.bash "$VERSION" \
&& opam install .
RUN mkdir /home/$user/build \
&& cp $(opam var bin)/cs-api /home/$user/build